• userns: Don't allow unprivileged creation of gid mappings · be7c6dba
    Eric W. Biederman authored
    As any gid mapping will allow and must allow for backwards
    compatibility dropping groups don't allow any gid mappings to be
    established without CAP_SETGID in the parent user namespace.
    
    For a small class of applications this change breaks userspace
    and removes useful functionality.  This small class of applications
    includes tools/testing/selftests/mount/unprivilged-remount-test.c
    
    Most of the removed functionality will be added back with the addition
    of a one way knob to disable setgroups.  Once setgroups is disabled
    setting the gid_map becomes as safe as setting the uid_map.
    
    For more common applications that set the uid_map and the gid_map
    with privilege this change will have no effect.
    
    This is part of a fix for CVE-2014-8989.
    
    Cc: stable@vger.kernel.org
    Reviewed-by: Andy Lutomirski <luto@amacapital.net>
    Signed-off-by: "Eric W. Biederman" <ebiederm@xmission.com>
user_namespace.c 23.2 KB
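
A check that a running kernel enforces the restriction the commit message describes, added here as an example; it is not part of the commit or the kernel tree. A forked child enters a new user namespace, where it holds no capabilities in the parent namespace, and tries to write its own gid to `/proc/self/gid_map` without disabling setgroups first. The name `probe_unpriv_gid_map` and the `PROBE_*` codes are made up for this example.

```c
#define _GNU_SOURCE
#include <errno.h>
#include <fcntl.h>
#include <sched.h>
#include <stdio.h>
#include <sys/wait.h>
#include <unistd.h>

#ifndef CLONE_NEWUSER
#define CLONE_NEWUSER 0x10000000 /* same value as in <linux/sched.h> */
#endif
int unshare(int flags); /* repeated in case _GNU_SOURCE took effect too late */

/* Hypothetical result codes for this example (printed as 0, 1, 2). */
enum probe { PROBE_UNAVAILABLE, PROBE_DENIED, PROBE_ALLOWED };

/* Runs in the child: new user namespace, then an unprivileged gid_map write. */
static enum probe child_probe(void)
{
    char map[64];
    /* Read the gid first: after unshare() it shows up as the overflow gid. */
    int len = snprintf(map, sizeof map, "0 %u 1\n", (unsigned)getgid());

    if (unshare(CLONE_NEWUSER) != 0)
        return PROBE_UNAVAILABLE; /* user namespaces disabled or filtered */
    int fd = open("/proc/self/gid_map", O_WRONLY);
    if (fd < 0)
        return PROBE_UNAVAILABLE;
    ssize_t n = write(fd, map, (size_t)len);
    int err = n < 0 ? errno : 0;
    close(fd);
    if (n == len)
        return PROBE_ALLOWED; /* mapping accepted without CAP_SETGID in the parent */
    return err == EPERM ? PROBE_DENIED : PROBE_UNAVAILABLE;
}

/* Fork so the caller's own namespace is never changed. */
enum probe probe_unpriv_gid_map(void)
{
    pid_t pid = fork();
    int status;
    if (pid < 0) return PROBE_UNAVAILABLE;
    if (pid == 0) _exit(child_probe());
    if (waitpid(pid, &status, 0) != pid || !WIFEXITED(status))
        return PROBE_UNAVAILABLE;
    return (enum probe)WEXITSTATUS(status);
}

int main(void) { printf("probe result: %d\n", probe_unpriv_gid_map()); return 0; }
```

`PROBE_DENIED` means the write was refused with `EPERM`, which is the behaviour the commit message describes; `PROBE_UNAVAILABLE` means the environment did not allow the probe to run at all.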